Conventional web technology (e.g., servers) may not able to reliably and securely identify web traffic. For instance, a server may have no way to differentiate between a good client versus a bad client. An example of a bad client may be proxy interceptor, bot, cross-site scripting, etc. For instance, bad clients may perform Man-in-the-middle (MITM) attacks, Cross-site Request Forgery (CSRF) attacks, Cross-site Scripting (XSS) attacks, or Man-in-the-browser (MITB) attacks.
Moreover, it is common to provide, among other things, functionality for a one-click checkout experience, long-lived tokens, or cookie sessions that may be valid for months. However, such functionality may present a high risk of manipulation or be susceptible to attack by bad clients. Furthermore, two-step authentication may be insufficient to avoid such attacks by bad clients. Therefore, there remains a need for protocols to reliably and securely identify a good (e.g., trustworthy) client.
The present disclosure is directed to overcoming one or more of these above-referenced challenges. The background description provided herein is for the purpose of generally presenting the context of the disclosure. Unless otherwise indicated herein, the materials described in this section are not prior art to the claims in this application and are not admitted to be prior art, or suggestions of the prior art, by inclusion in this section.